Knox Active Protection

Knox Active Protection is a set of security mechanisms that defend against mobile device attacks that attempt to modify, observe, or otherwise influence certain critical parts of the device operating system or its data.

Knox Active Protection is always enabled for enterprise users, that is, those users with an enterprise-managed Workspace. Through the Smart Manager app, non-enterprise users may optionally enable Knox Active Protection to gain its benefits.

Why is Knox Active Protection disabled by default for non-enterprise users?

Knox Active Protection introduces a very small change in performance which adds about one second to device boot up time.

How does it work?

In the Knox 2.4 release, Knox Active Protection includes two protection mechanisms:

• DM-Verity — This ensures the integrity of code and data in the system partition of the device FLASH storage. This partition is the only section of FLASH containing code having permission to perform privileged operations, hence the additional protection. Specifically, this partition includes all the Android code/data, preloaded system apps, and system daemon processes. It specifically does not include apps installed by the user or the associated user data.

• Real-Time Kernel Protection (RKP) — This detects and prevents unauthorized access to or modification of selected critical kernel code and data structures.

* Knox Active Protection features may vary depending on your device model. Future releases may change, optimize, or augment the functionality and performance of Knox Active Protection based on real-world market feedback.